post #11
Posted 26/06/09, 18:43:01
User
Registered: Jun 2009
Location: Guatemala
Posts: 11
Re: how to remove packed.generic.200

I have read that ComboFix is somewhat delicate, and since things have to be disabled, I imagine Norton and Windows Defender, how can I be sure that I have turned them off?

Should I do it from my PC and stop the service? Because it is rather hard to get Norton completely inactive.
Also, with Norton, if I turn off the antispyware, for example, it offers me 1 hour, etc. With the antivirus I am also worried that it will not work properly.

Last edited by edgarmora on 26/06/09 at 18:46:59.

post #12
Posted 26/06/09, 19:10:01
Leosolari
Moderator
Registered: Jun 2007
Location: Argentina
Posts: 17,075
Re: how to remove packed.generic.200

You only disable it TEMPORARILY. You do not have to uninstall anything.

DON'T DESPAIR... KEEP FIGHTING.

post #13
Posted 29/06/09, 13:00:09
User
Registered: Jun 2009
Location: Guatemala
Posts: 11
Re: how to remove packed.generic.200

Well, in my experience with ComboFix, I disabled the antivirus, and when I ran ComboFix again it did not give me any warning.
But when ComboFix rebooted the machine, the Norton window came up as always saying that packed.generic.200 is present. I do not know whether that affects the analysis; however, Norton was permanently disabled.

This is the ComboFix report:

ComboFix 09-06-28.06 - Mynor 29/06/2009 10:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.502.1033.18.702.394 [GMT -6:00]
Running from: c:\documents and settings\Mynor\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}



WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Mynor\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users.\documents\settings
c:\documents and settings\All Users.\documents\settings\config.ini
c:\documents and settings\Mynor\Local Settings\Temp\IadHide5.dll
c:\windows\dat.txt
c:\windows\system32\rasqervy.dll
c:\windows\system32\sdfinacs.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACivjlvxpdjorjwvg.log
c:\windows\system32\UACwylypryvmkoenqt.dat
c:\windows\system32\wuasirvy.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.

2009-06-29 16:17 . 2009-03-12 09:03 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-06-29 14:30 . 2009-02-25 09:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090629.003\EECTRL.SYS
2009-06-29 14:30 . 2009-02-25 09:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090629.003\ERASER.SYS
2009-06-29 14:30 . 2009-02-23 07:58 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090629.003\NAVENG.SYS
2009-06-29 14:30 . 2009-02-23 07:58 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090629.003\NAVEX15.SYS
2009-06-29 14:30 . 2009-02-23 07:58 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090629.003\ECMSVR32.DLL
2009-06-29 14:30 . 2009-02-23 07:58 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090629.003\NAVENG32.DLL
2009-06-29 14:30 . 2009-02-23 07:58 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090629.003\NAVEX32A.DLL
2009-06-29 14:30 . 2009-02-25 09:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090629.003\CCERASER.DLL
2009-06-26 16:31 . 2009-06-26 16:31 -------- d-----w- c:\program files\ESET
2009-06-25 21:37 . 2009-06-25 21:37 -------- d-----w- c:\documents and settings\Mynor\DoctorWeb
2009-06-25 20:58 . 2009-06-25 20:58 -------- d-----w- c:\program files\CCleaner
2009-06-24 22:22 . 2009-06-25 02:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-24 22:16 . 2009-01-19 11:48 43008 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\deo3j5ri.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-06-24 22:16 . 2009-01-19 11:48 43008 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\deo3j5ri.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-06-24 22:16 . 2009-01-19 11:48 245248 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\deo3j5ri.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-06-24 22:16 . 2009-01-19 11:48 243200 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\deo3j5ri.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-06-24 22:16 . 2009-01-19 11:48 239616 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\deo3j5ri.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-06-24 22:16 . 2009-01-19 11:48 233984 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\deo3j5ri.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-06-24 14:27 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\Scxpx86.dll
2009-06-24 14:27 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys
2009-06-24 14:27 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.dll
2009-06-24 14:27 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys
2009-06-24 14:27 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSviA64.sys
2009-06-23 22:36 . 2009-06-23 22:37 -------- d-----w- c:\program files\SpywareBlaster
2009-06-23 20:41 . 2009-06-17 17:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-23 20:41 . 2009-06-23 20:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 20:41 . 2009-06-17 17:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-23 18:32 . 2009-06-23 19:47 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-23 18:29 . 2009-06-23 18:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-06-23 18:23 . 2009-06-29 16:17 117760 ----a-w- c:\documents and settings\Mynor\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-23 18:20 . 2009-06-23 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-23 18:18 . 2009-06-23 18:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-23 18:18 . 2009-06-23 18:18 -------- d-----w- c:\documents and settings\Mynor\Application Data\SUPERAntiSpyware.com
2009-06-23 18:18 . 2009-06-23 18:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-22 21:37 . 2009-06-22 21:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-22 21:31 . 2009-06-22 21:31 -------- d-----w- c:\documents and settings\Mynor\Application Data\Malwarebytes
2009-06-22 21:30 . 2009-06-22 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-20 03:13 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\Scxpx86.dll
2009-06-20 03:13 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSXpx86.sys
2009-06-20 03:13 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys
2009-06-20 03:13 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSxpx86.dll
2009-06-20 03:13 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSviA64.sys
2009-06-10 22:23 . 2009-06-10 22:23 -------- d-----w- c:\program files\FileASSASSIN
2009-06-10 21:28 . 2009-06-10 18:42 3371360 ----a-w- C:\a.com
2009-06-08 21:29 . 2009-05-15 16:00 288115 ----a-w- C:\Mata Virus USB 2[1].0 By Peruxxo.exe
2009-06-05 21:02 . 2004-08-04 12:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2009-06-03 15:04 . 2009-06-03 16:59 -------- d-----w- c:\windows\system32\NtmsData
2009-06-02 21:08 . 2009-06-02 21:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 23:08 . 2008-12-19 17:56 1 ----a-w- c:\documents and settings\Mynor\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-25 03:17 . 2007-04-22 16:06 131328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-20 02:59 . 2007-06-11 23:04 -------- d-----w- c:\documents and settings\Mynor\Application Data\Image Zone Express
2009-06-04 22:53 . 2007-11-29 16:07 59 ----a-w- c:\windows\wpd99.drv
2009-06-04 22:53 . 2007-11-29 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2009-06-03 16:52 . 2008-12-11 22:18 -------- d-----w- c:\program files\Norton Internet Security
2009-06-02 02:25 . 2009-06-02 02:25 0 ----a-w- c:\documents and settings\Mynor\Application Data\~ygw.tmp
2009-05-24 21:47 . 2006-03-26 23:23 131328 ----a-w- c:\documents and settings\Mynor\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-22 21:52 . 2008-12-19 17:41 -------- d-----w- c:\program files\OpenOffice.org 3
2009-05-07 15:32 . 2005-11-05 00:52 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2005-11-05 00:53 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2005-11-05 00:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2005-11-05 00:53 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2005-11-05 00:53 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 14:12 . 2009-04-07 14:12 152576 ----a-w- c:\documents and settings\Mynor\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2008-12-06 00:12 . 2008-12-05 19:29 36391320 ----a-w- c:\program files\8-11_xp32_dd_ccc_wdm_enu_70226.exe
2008-12-01 16:43 . 2008-12-01 16:43 1234120 ----a-w- c:\program files\wrar380.exe
2007-09-18 19:28 . 2007-09-18 19:27 5163366 ----a-w- c:\program files\msjavx86.zip
2007-04-27 02:31 . 2007-04-27 02:31 253096 ----a-w- c:\program files\tiempo de aire 26-04'2007
2007-04-22 16:36 . 2007-04-22 16:36 5153792 ----a-w- c:\program files\WindowsDefender.msi
2007-04-16 02:28 . 2007-04-16 02:28 21739895 ----a-w- c:\program files\3820-enu-win2k_xp.exe
2007-03-03 14:59 . 2007-11-22 16:52 12313429 ----a-w- c:\program files\Kd50.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-04-03 32768]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SASrun.exe" [2009-05-26 1830128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 18:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=scarddl44.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk
backup=c:\windows\pss\CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [24/03/2009 12:28 p.m. 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [24/03/2009 12:28 p.m. 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [24/03/2009 12:27 p.m. 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys [24/06/2009 08:27 a.m. 276344]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 10:05 a.m. 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 10:05 a.m. 72944]
R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe [27/05/2006 10:20 p.m. 49152]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [24/03/2009 12:28 p.m. 115560]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [04/11/2005 06:53 p.m. 14336]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 06:19 p.m. 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/06/2009 11:41 a.m. 101936]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 10:05 a.m. 7408]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [05/06/2007 11:22 a.m. 24786]
S2 hqvf;hqvf;c:\windows\system32\drivers\ufagzr.sys --> c:\windows\system32\drivers\ufagzr.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 AMXBRR;AMXBRR;c:\docume~1\ADMINI~1\LOCALS~1\Temp\AMXBRR.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\AMXBRR.exe [?]
S3 CH;CH;c:\docume~1\ADMINI~1\LOCALS~1\Temp\CH.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\CH.exe [?]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 VYNWS;VYNWS;c:\docume~1\ADMINI~1\LOCALS~1\Temp\VYNWS.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\VYNWS.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2006-03-26 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 00:12]

2006-03-26 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 00:12]
.
- - - - ORPHANS REMOVED - - - -

Notify-avldr - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com.gt/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Mynor\Application Data\Mozilla\Firefox\Profiles\exw93s9e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Diccionario RAE
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.gt/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 10:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1224)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\acs.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\snmp.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-29 10:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-29 16:23

Pre-Run: 20,452,917,248 bytes free
Post-Run: 20,457,218,048 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
257 --- E O F --- 2009-06-25 17:31


New ComboFix scan

With everything cleaner. I do not know whether it is useful, since we took Norton off automatic start in case it rebooted, and this time it did not reboot.



ComboFix 09-06-28.06 - Mynor 29/06/2009 11:12.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.502.1033.18.702.350 [GMT -6:00]
Running from: c:\documents and settings\Mynor\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.

2009-06-29 14:30 . 2009-02-25 09:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090629.003\EECTRL.SYS
2009-06-29 14:30 . 2009-02-25 09:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090629.003\ERASER.SYS
2009-06-29 14:30 . 2009-02-23 07:58 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090629.003\NAVENG.SYS
2009-06-29 14:30 . 2009-02-23 07:58 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090629.003\NAVEX15.SYS
2009-06-29 14:30 . 2009-02-23 07:58 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090629.003\ECMSVR32.DLL
2009-06-29 14:30 . 2009-02-23 07:58 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090629.003\NAVENG32.DLL
2009-06-29 14:30 . 2009-02-23 07:58 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090629.003\NAVEX32A.DLL
2009-06-29 14:30 . 2009-02-25 09:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090629.003\CCERASER.DLL
2009-06-26 16:31 . 2009-06-26 16:31 -------- d-----w- c:\program files\ESET
2009-06-25 21:37 . 2009-06-25 21:37 -------- d-----w- c:\documents and settings\Mynor\DoctorWeb
2009-06-25 20:58 . 2009-06-25 20:58 -------- d-----w- c:\program files\CCleaner
2009-06-24 22:22 . 2009-06-25 02:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-24 22:16 . 2009-01-19 11:48 43008 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\deo3j5ri.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-06-24 22:16 . 2009-01-19 11:48 43008 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\deo3j5ri.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-06-24 22:16 . 2009-01-19 11:48 245248 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\deo3j5ri.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-06-24 22:16 . 2009-01-19 11:48 243200 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\deo3j5ri.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-06-24 22:16 . 2009-01-19 11:48 239616 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\deo3j5ri.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-06-24 22:16 . 2009-01-19 11:48 233984 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\deo3j5ri.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-06-24 14:27 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\Scxpx86.dll
2009-06-24 14:27 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys
2009-06-24 14:27 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.dll
2009-06-24 14:27 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys
2009-06-24 14:27 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSviA64.sys
2009-06-23 22:36 . 2009-06-23 22:37 -------- d-----w- c:\program files\SpywareBlaster
2009-06-23 20:41 . 2009-06-17 17:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-23 20:41 . 2009-06-23 20:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 20:41 . 2009-06-17 17:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-23 18:32 . 2009-06-23 19:47 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-23 18:29 . 2009-06-23 18:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-06-23 18:23 . 2009-06-29 16:17 117760 ----a-w- c:\documents and settings\Mynor\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-23 18:20 . 2009-06-23 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-23 18:18 . 2009-06-23 18:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-23 18:18 . 2009-06-23 18:18 -------- d-----w- c:\documents and settings\Mynor\Application Data\SUPERAntiSpyware.com
2009-06-23 18:18 . 2009-06-23 18:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-22 21:37 . 2009-06-22 21:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-22 21:31 . 2009-06-22 21:31 -------- d-----w- c:\documents and settings\Mynor\Application Data\Malwarebytes
2009-06-22 21:30 . 2009-06-22 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-20 03:13 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\Scxpx86.dll
2009-06-20 03:13 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSXpx86.sys
2009-06-20 03:13 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSvix86.sys
2009-06-20 03:13 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSxpx86.dll
2009-06-20 03:13 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090618.002\IDSviA64.sys
2009-06-10 22:23 . 2009-06-10 22:23 -------- d-----w- c:\program files\FileASSASSIN
2009-06-10 21:28 . 2009-06-10 18:42 3371360 ----a-w- C:\a.com
2009-06-08 21:29 . 2009-05-15 16:00 288115 ----a-w- C:\Mata Virus USB 2[1].0 By Peruxxo.exe
2009-06-05 21:02 . 2004-08-04 12:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2009-06-03 15:04 . 2009-06-03 16:59 -------- d-----w- c:\windows\system32\NtmsData
2009-06-02 21:08 . 2009-06-02 21:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 23:08 . 2008-12-19 17:56 1 ----a-w- c:\documents and settings\Mynor\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-25 03:17 . 2007-04-22 16:06 131328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-20 02:59 . 2007-06-11 23:04 -------- d-----w- c:\documents and settings\Mynor\Application Data\Image Zone Express
2009-06-04 22:53 . 2007-11-29 16:07 59 ----a-w- c:\windows\wpd99.drv
2009-06-04 22:53 . 2007-11-29 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2009-06-03 16:52 . 2008-12-11 22:18 -------- d-----w- c:\program files\Norton Internet Security
2009-06-02 02:25 . 2009-06-02 02:25 0 ----a-w- c:\documents and settings\Mynor\Application Data\~ygw.tmp
2009-05-24 21:47 . 2006-03-26 23:23 131328 ----a-w- c:\documents and settings\Mynor\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-22 21:52 . 2008-12-19 17:41 -------- d-----w- c:\program files\OpenOffice.org 3
2009-05-07 15:32 . 2005-11-05 00:52 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2005-11-05 00:53 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2005-11-05 00:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2005-11-05 00:53 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2005-11-05 00:53 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 14:12 . 2009-04-07 14:12 152576 ----a-w- c:\documents and settings\Mynor\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2008-12-06 00:12 . 2008-12-05 19:29 36391320 ----a-w- c:\program files\8-11_xp32_dd_ccc_wdm_enu_70226.exe
2008-12-01 16:43 . 2008-12-01 16:43 1234120 ----a-w- c:\program files\wrar380.exe
2007-09-18 19:28 . 2007-09-18 19:27 5163366 ----a-w- c:\program files\msjavx86.zip
2007-04-27 02:31 . 2007-04-27 02:31 253096 ----a-w- c:\program files\tiempo de aire 26-04'2007
2007-04-22 16:36 . 2007-04-22 16:36 5153792 ----a-w- c:\program files\WindowsDefender.msi
2007-04-16 02:28 . 2007-04-16 02:28 21739895 ----a-w- c:\program files\3820-enu-win2k_xp.exe
2007-03-03 14:59 . 2007-11-22 16:52 12313429 ----a-w- c:\program files\Kd50.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-29_16.18.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-11-05 00:53 . 2009-06-29 16:22 65828 c:\windows\system32\perfc009.dat
- 2005-11-05 00:53 . 2009-06-20 03:23 65828 c:\windows\system32\perfc009.dat
+ 2005-11-05 00:53 . 2009-06-29 16:22 411550 c:\windows\system32\perfh009.dat
- 2005-11-05 00:53 . 2009-06-20 03:23 411550 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-04-03 32768]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SASrun.exe" [2009-05-26 1830128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 18:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=scarddl44.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk
backup=c:\windows\pss\CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [24/03/2009 12:28 p.m. 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [24/03/2009 12:28 p.m. 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [24/03/2009 12:27 p.m. 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys [24/06/2009 08:27 a.m. 276344]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 10:05 a.m. 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 10:05 a.m. 72944]
R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe [27/05/2006 10:20 p.m. 49152]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [04/11/2005 06:53 p.m. 14336]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 06:19 p.m. 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/06/2009 11:41 a.m. 101936]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 10:05 a.m. 7408]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [05/06/2007 11:22 a.m. 24786]
S2 hqvf;hqvf;c:\windows\system32\drivers\ufagzr.sys --> c:\windows\system32\drivers\ufagzr.sys [?]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [24/03/2009 12:28 p.m. 115560]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 AMXBRR;AMXBRR;c:\docume~1\ADMINI~1\LOCALS~1\Temp\AMXBRR.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\AMXBRR.exe [?]
S3 CH;CH;c:\docume~1\ADMINI~1\LOCALS~1\Temp\CH.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\CH.exe [?]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 VYNWS;VYNWS;c:\docume~1\ADMINI~1\LOCALS~1\Temp\VYNWS.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\VYNWS.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2006-03-26 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 00:12]

2006-03-26 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 00:12]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com.gt/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Mynor\Application Data\Mozilla\Firefox\Profiles\exw93s9e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Diccionario RAE
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.gt/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-29 11:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2028)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-29 11:21
ComboFix-quarantined-files.txt 2009-06-29 17:21
ComboFix2.txt 2009-06-29 16:23

Pre-Run: 20,477,161,472 bytes free
Post-Run: 20,457,127,936 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
228 --- E O F --- 2009-06-25 17:31

Last edited by edgarmora on 29/06/09 at 14:32:27.
  post #14  
Posted 29/06/09, 15:06:07
Leosolari
Moderator
 
Joined: Jun 2007
Location: Argentina
Posts: 17,075
Re: how to remove packed.generic.200

Is the NORTON software you installed a LEGAL VERSION????


Do the following:
  • Click START > RUN >
    • Type notepad.exe there and click OK
    • Now copy and paste the text from the box below into Notepad

Code:
KillAll::

File::
c:\windows\wpd99.drv
c:\documents and settings\Mynor\Application Data\~ygw.tmp
c:\windows\system32\drivers\ufagzr.sys
c:\docume~1\ADMINI~1\LOCALS~1\Temp\A MXBRR.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\CH.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\VYNWS.exe

Driver::
ufagzr

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=-

  • Save this file with the name CFScript.txt
  • Drag and drop the CFScript.txt file onto the ComboFix.exe file, as shown in the screenshot below.

  • ComboFix will start running again. When it finishes, it will generate a new report, which you will need to paste in this same thread.

Regards

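A consistency check for the CFScript in the post above, added here as an example (it is not part of the original thread and is not ComboFix's own code): it parses the script's sections and compares each File:: and Driver:: entry with the driver/service lines of the posted log, copied below with the forum's line-wrap spaces removed. The function names, the status labels and the reading of `[?]` as "file details unavailable" are assumptions of this example.

```python
import re

# Driver/service lines from the ComboFix log in this thread, with the forum's
# line-wrap spaces removed (sample input embedded so the example runs offline).
LOG = r"""
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 06:19 p.m. 13592]
S2 hqvf;hqvf;c:\windows\system32\drivers\ufagzr.sys --> c:\windows\system32\drivers\ufagzr.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 AMXBRR;AMXBRR;c:\docume~1\ADMINI~1\LOCALS~1\Temp\AMXBRR.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\AMXBRR.exe [?]
S3 CH;CH;c:\docume~1\ADMINI~1\LOCALS~1\Temp\CH.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\CH.exe [?]
S3 VYNWS;VYNWS;c:\docume~1\ADMINI~1\LOCALS~1\Temp\VYNWS.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\VYNWS.exe [?]
"""

# The CFScript exactly as posted in the thread.
CFSCRIPT = r"""
KillAll::

File::
c:\windows\wpd99.drv
c:\documents and settings\Mynor\Application Data\~ygw.tmp
c:\windows\system32\drivers\ufagzr.sys
c:\docume~1\ADMINI~1\LOCALS~1\Temp\A MXBRR.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\CH.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\VYNWS.exe

Driver::
ufagzr

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=-
"""

# "<R|S><start type> <service name>;<display name>;<image path ...>"
SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);[^;]*;(?P<rest>.+)$")


def parse_services(log_text):
    """Return one dict per driver/service line of the log."""
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        # Assumption: a trailing [?] means the log has no details for the file.
        missing = rest.endswith("[?]")
        # In "configured --> resolved" lines, keep the resolved path.
        image = rest.split(" --> ", 1)[1] if " --> " in rest else rest
        image = re.sub(r"\s*\[[^\]]*\]\s*$", "", image)  # drop [date size] or [?]
        services.append({"name": m.group("name"), "state": m.group("state"),
                         "image": image, "missing": missing})
    return services


def parse_cfscript(text):
    """Split a CFScript into {section name: [lines]}; headers end with '::'."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def squash(path):
    """Comparison key that ignores case and any whitespace."""
    return re.sub(r"\s+", "", path).lower()


def check_files(sections, services):
    """Compare each File:: path with the image paths the log reports."""
    exact = {s["image"].lower(): s["image"] for s in services}
    loose = {squash(s["image"]): s["image"] for s in services}
    findings = []
    for path in sections.get("File", []):
        if path.lower() in exact:
            findings.append((path, "matches-log", exact[path.lower()]))
        elif squash(path) in loose:
            findings.append((path, "whitespace-differs", loose[squash(path)]))
        else:
            findings.append((path, "not-a-service-image", None))
    return findings


def check_drivers(sections, services):
    """Map each Driver:: entry to log services matching by name or file stem."""
    result = {}
    for entry in sections.get("Driver", []):
        hits = []
        for s in services:
            stem = s["image"].rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if entry.lower() == s["name"].lower():
                hits.append((s["name"], "service-name"))
            elif entry.lower() == stem.lower():
                hits.append((s["name"], "image-stem"))
        result[entry] = hits
    return result


if __name__ == "__main__":
    svc = parse_services(LOG)
    script = parse_cfscript(CFSCRIPT)
    for finding in check_files(script, svc):
        print(finding)
    print(check_drivers(script, svc))
```

On the script as posted, the AMXBRR entry comes back as `whitespace-differs`: the script names `Temp\A MXBRR.exe` while the log resolves that service to `Temp\AMXBRR.exe`. The `Driver::` name `ufagzr` matches the image file of the service the log lists as `hqvf`, not a service name.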
  post #15  
Posted 01/07/09, 10:54:59
Norton-Forum-As
Norton Forum Assist Team
 
Joined: Jul 2008
Location: Germany
Posts: 83
Re: how to remove packed.generic.200

Quote:
Originally posted by edgarmora
When I tell Norton to run the Autofix tool to go through the steps, it stays there and does not move on; I waited for some time and closed it.
There is an important detail I had forgotten to mention: this virus has taken control of System Restore, and it cannot be turned off or changed at all. Could that also be a problem?

Hello edgarmora,

My name is Daniel and I work on an external support team for Symantec.

Try downloading the latest version of Norton and run a full scan in safe mode. Because you have an original equipment manufacturer (OEM) version, the new installation will be cancelled and you will lose the days you have left. To download the trial version of the software (it lasts 15 days), click or copy and paste the following link: http://liveupdate.symantec.com/upgrade/NIS09ES.exe.

Regards, Daniel
Norton Forum Assist Team
  post #16  
Posted 02/07/09, 18:42:33
User
 
Joined: Jun 2009
Location: Guatemala
Posts: 11
Re: how to remove packed.generic.200

Thank you very much for your comments,
1. My version of Norton Internet Security is original.
2. I have a problem when dragging the cfsscript.txt file onto ComboFix: it tells me that I have a real-time scanner, Norton Internet Security. I already went to the application manager and disabled Norton Internet Security, but it keeps telling me that I have it active. What can I do?

3. I already updated the version of Norton Internet Security, and after the full scan it does not detect anything.
  post #17  
Posted 02/07/09, 19:25:03
Leosolari
Moderator
 
Joined: Jun 2007
Location: Argentina
Posts: 17,075
Re: how to remove packed.generic.200

Carry out the process anyway... despite the warning.
  post #18  
Posted 02/07/09, 20:04:59
User
 
Joined: Jun 2009
Location: Guatemala
Posts: 11
Re: how to remove packed.generic.200

ComboFix 09-07-02.02 - Mynor 02/07/2009 16:43.3 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.502.1033.18.702.483 [GMT -6:00]
Running from: c:\documents and settings\Mynor\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mynor\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\A MXBRR.exe"
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\CH.exe"
"c:\docume~1\ADMINI~1\LOCALS~1\Temp\VYNWS.exe"
"c:\documents and settings\Mynor\Application Data\~ygw.tmp"
"c:\windows\system32\drivers\ufagzr.sys"
"c:\windows\wpd99.drv"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mynor\Application Data\~ygw.tmp
c:\windows\Installer\4cbc6fe.msi
c:\windows\Installer\81bdd.msi
c:\windows\wpd99.drv

.
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.

2009-07-02 17:24 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\Scxpx86.dll
2009-07-02 17:24 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys
2009-07-02 17:24 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSvix86.sys
2009-07-02 17:24 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSxpx86.dll
2009-07-02 17:24 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSviA64.sys
2009-07-02 17:21 . 2009-03-12 09:03 165240 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-07-02 08:10 . 2009-07-02 08:10 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090702.005\naveng.sys
2009-07-02 08:10 . 2009-07-02 08:10 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090702.005\navex15.sys
2009-07-02 08:10 . 2009-07-02 08:10 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090702.005\eeCtrl.sys
2009-07-02 08:10 . 2009-07-02 08:10 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090702.005\ecmsvr32.dll
2009-07-02 08:10 . 2009-07-02 08:10 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090702.005\cceraser.dll
2009-07-02 08:10 . 2009-07-02 08:10 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090702.005\naveng32.dll
2009-07-02 08:10 . 2009-07-02 08:10 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090702.005\navex32a.dll
2009-07-02 08:10 . 2009-07-02 08:10 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090702.005\eraser.sys
2009-07-01 17:29 . 2009-07-01 07:00 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090701.004\naveng.sys
2009-07-01 17:29 . 2009-07-01 07:00 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090701.004\navex15.sys
2009-07-01 17:29 . 2009-07-01 07:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090701.004\naveng32.dll
2009-07-01 17:29 . 2009-07-01 07:00 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090701.004\navex32a.dll
2009-07-01 17:29 . 2009-07-01 07:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090701.004\eeCtrl.sys
2009-07-01 17:29 . 2009-07-01 07:00 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090701.004\ecmsvr32.dll
2009-07-01 17:29 . 2009-07-01 07:00 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090701.004\cceraser.dll
2009-07-01 17:29 . 2009-07-01 07:00 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090701.004\eraser.sys
2009-06-26 16:31 . 2009-06-26 16:31 -------- d-----w- c:\program files\ESET
2009-06-25 21:37 . 2009-06-25 21:37 -------- d-----w- c:\documents and settings\Mynor\DoctorWeb
2009-06-25 20:58 . 2009-06-25 20:58 -------- d-----w- c:\program files\CCleaner
2009-06-24 22:22 . 2009-06-25 02:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-24 22:16 . 2009-01-19 11:48 43008 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\deo3j5ri.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-06-24 22:16 . 2009-01-19 11:48 43008 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\deo3j5ri.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-06-24 22:16 . 2009-01-19 11:48 245248 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\deo3j5ri.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-06-24 22:16 . 2009-01-19 11:48 243200 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\deo3j5ri.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-06-24 22:16 . 2009-01-19 11:48 239616 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\deo3j5ri.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-06-24 22:16 . 2009-01-19 11:48 233984 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\deo3j5ri.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-06-24 14:27 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\Scxpx86.dll
2009-06-24 14:27 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSXpx86.sys
2009-06-24 14:27 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSxpx86.dll
2009-06-24 14:27 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSvix86.sys
2009-06-24 14:27 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090623.001\IDSviA64.sys
2009-06-23 22:36 . 2009-06-23 22:37 -------- d-----w- c:\program files\SpywareBlaster
2009-06-23 20:41 . 2009-06-17 17:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-23 20:41 . 2009-06-23 20:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 20:41 . 2009-06-17 17:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-23 18:32 . 2009-06-23 19:47 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-23 18:29 . 2009-06-23 18:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-06-23 18:23 . 2009-07-02 22:52 117760 ----a-w- c:\documents and settings\Mynor\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-23 18:20 . 2009-06-23 18:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-23 18:18 . 2009-06-23 18:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-23 18:18 . 2009-06-23 18:18 -------- d-----w- c:\documents and settings\Mynor\Application Data\SUPERAntiSpyware.com
2009-06-23 18:18 . 2009-06-23 18:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-22 21:37 . 2009-06-22 21:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-22 21:31 . 2009-06-22 21:31 -------- d-----w- c:\documents and settings\Mynor\Application Data\Malwarebytes
2009-06-22 21:30 . 2009-06-22 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-10 22:23 . 2009-06-10 22:23 -------- d-----w- c:\program files\FileASSASSIN
2009-06-10 21:28 . 2009-06-10 18:42 3371360 ----a-w- C:\a.com
2009-06-08 21:29 . 2009-05-15 16:00 288115 ----a-w- C:\Mata Virus USB 2[1].0 By Peruxxo.exe
2009-06-05 21:02 . 2004-08-04 12:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2009-06-03 15:04 . 2009-06-03 16:59 -------- d-----w- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 22:26 . 2008-12-19 17:56 1 ----a-w- c:\documents and settings\Mynor\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-25 03:17 . 2007-04-22 16:06 131328 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-20 02:59 . 2007-06-11 23:04 -------- d-----w- c:\documents and settings\Mynor\Application Data\Image Zone Express
2009-06-04 22:53 . 2007-11-29 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2009-06-03 16:52 . 2008-12-11 22:18 -------- d-----w- c:\program files\Norton Internet Security
2009-05-24 21:47 . 2006-03-26 23:23 131328 ----a-w- c:\documents and settings\Mynor\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-22 21:52 . 2008-12-19 17:41 -------- d-----w- c:\program files\OpenOffice.org 3
2009-05-07 15:32 . 2005-11-05 00:52 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2005-11-05 00:53 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2005-11-05 00:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2005-11-05 00:53 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2005-11-05 00:53 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 14:12 . 2009-04-07 14:12 152576 ----a-w- c:\documents and settings\Mynor\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2008-12-06 00:12 . 2008-12-05 19:29 36391320 ----a-w- c:\program files\8-11_xp32_dd_ccc_wdm_enu_70226.exe
2008-12-01 16:43 . 2008-12-01 16:43 1234120 ----a-w- c:\program files\wrar380.exe
2007-09-18 19:28 . 2007-09-18 19:27 5163366 ----a-w- c:\program files\msjavx86.zip
2007-04-27 02:31 . 2007-04-27 02:31 253096 ----a-w- c:\program files\tiempo de aire 26-04'2007
2007-04-22 16:36 . 2007-04-22 16:36 5153792 ----a-w- c:\program files\WindowsDefender.msi
2007-04-16 02:28 . 2007-04-16 02:28 21739895 ----a-w- c:\program files\3820-enu-win2k_xp.exe
2007-03-03 14:59 . 2007-11-22 16:52 12313429 ----a-w- c:\program files\Kd50.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-29_16.18.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-02 22:51 . 2009-07-02 22:51 16384 c:\windows\temp\Perflib_Perfdata_5f0.dat
+ 2009-07-02 22:51 . 2009-07-02 22:51 16384 c:\windows\temp\Perflib_Perfdata_2f0.dat
- 2005-11-05 00:53 . 2009-06-20 03:23 65828 c:\windows\system32\perfc009.dat
+ 2005-11-05 00:53 . 2009-06-29 16:22 65828 c:\windows\system32\perfc009.dat
+ 2009-03-25 20:55 . 2009-03-25 20:55 25088 c:\windows\Installer\68323c7.msi
+ 2009-03-25 20:55 . 2009-03-25 20:55 28160 c:\windows\Installer\68323c2.msi
+ 2009-03-25 20:54 . 2009-03-25 20:54 83456 c:\windows\Installer\68323ae.msi
+ 2009-03-25 20:54 . 2009-03-25 20:54 59904 c:\windows\Installer\68323a9.msi
+ 2008-04-11 14:30 . 2008-04-11 14:30 86528 c:\windows\Installer\172759.msi
+ 2005-11-05 00:55 . 2004-08-04 12:00 66048 c:\windows\I386\WINNT32.MSI
+ 2005-11-05 00:56 . 2004-08-04 12:00 793088 c:\windows\VALUEADD\MSFT\NTBACKUP\NTBACKUP.MSI
+ 2005-11-05 00:56 . 2004-08-04 12:00 185856 c:\windows\VALUEADD\MSFT\MGMT\WBEMODBC\WBEMODBC.MSI
- 2005-11-05 00:53 . 2009-06-20 03:23 411550 c:\windows\system32\perfh009.dat
+ 2005-11-05 00:53 . 2009-06-29 16:22 411550 c:\windows\system32\perfh009.dat
+ 2005-11-05 00:56 . 2004-08-04 12:00 219648 c:\windows\SUPPORT\TOOLS\SUPTOOLS.MSI
+ 2008-09-03 13:43 . 2004-07-17 17:41 366080 c:\windows\ServicePackFiles\i386\digreqex.msi
+ 2008-09-03 13:43 . 2004-07-17 17:41 863232 c:\windows\ServicePackFiles\i386\digopt.msi
+ 2007-05-13 04:42 . 2007-05-13 04:42 428544 c:\windows\Installer\dfd23.msi
+ 2007-08-14 20:20 . 2007-08-14 20:20 431104 c:\windows\Installer\d812c8.msi
+ 2008-08-13 13:58 . 2008-08-13 13:58 289792 c:\windows\Installer\c05f9.msi
+ 2008-04-11 17:27 . 2008-04-11 17:27 606720 c:\windows\Installer\bdbce4.msi
+ 2005-11-05 02:33 . 2005-11-05 02:33 264704 c:\windows\Installer\a5c9.msi
+ 2009-05-13 16:34 . 2009-05-13 16:34 691200 c:\windows\Installer\83674c.msi
+ 2006-04-25 20:25 . 2006-04-25 20:25 173568 c:\windows\Installer\81be7.msi
+ 2009-03-25 20:55 . 2009-03-25 20:55 431104 c:\windows\Installer\68323cd.msi
+ 2009-03-25 20:55 . 2009-03-25 20:55 140288 c:\windows\Installer\68323bd.msi
+ 2009-03-25 20:54 . 2009-03-25 20:54 202752 c:\windows\Installer\68323b8.msi
+ 2009-03-25 20:54 . 2009-03-25 20:54 152576 c:\windows\Installer\68323b3.msi
+ 2009-03-25 20:53 . 2009-03-25 20:53 107008 c:\windows\Installer\68323a4.msi
+ 2009-03-25 20:53 . 2009-03-25 20:53 301056 c:\windows\Installer\683239f.msi
+ 2008-07-31 16:56 . 2008-07-31 16:56 331264 c:\windows\Installer\5f04b.msi
+ 2008-03-05 14:04 . 2008-03-05 14:04 871424 c:\windows\Installer\579a6d5.msi
+ 2008-05-09 23:31 . 2008-05-09 23:31 862720 c:\windows\Installer\53c9f.msi
+ 2008-05-09 23:30 . 2008-05-09 23:30 271872 c:\windows\Installer\53c9a.msi
+ 2008-05-09 23:27 . 2008-05-09 23:27 366592 c:\windows\Installer\53c96.msi
+ 2005-12-22 01:04 . 2005-12-22 01:04 219136 c:\windows\Installer\3e91f.msi
+ 2008-03-17 16:24 . 2008-03-17 16:24 206336 c:\windows\Installer\2d1b1a.msi
+ 2008-03-17 16:24 . 2008-03-17 16:24 129536 c:\windows\Installer\2d1b15.msi
+ 2008-03-17 16:24 . 2008-03-17 16:24 130048 c:\windows\Installer\2d1b10.msi
+ 2008-03-17 16:23 . 2008-03-17 16:23 985600 c:\windows\Installer\2d1b06.msi
+ 2008-03-17 16:23 . 2008-03-17 16:23 299008 c:\windows\Installer\2d1b00.msi
+ 2008-03-17 16:22 . 2008-03-17 16:22 491008 c:\windows\Installer\2d1af9.msi
+ 2008-03-17 16:22 . 2008-03-17 16:22 247296 c:\windows\Installer\2d1af4.msi
+ 2008-03-17 16:22 . 2008-03-17 16:22 175616 c:\windows\Installer\2d1ae7.msi
+ 2008-03-17 16:22 . 2008-03-17 16:22 121344 c:\windows\Installer\2d1adf.msi
+ 2008-03-17 16:22 . 2008-03-17 16:22 247296 c:\windows\Installer\2d1ada.msi
+ 2008-03-17 16:22 . 2008-03-17 16:22 129536 c:\windows\Installer\2d1ad2.msi
+ 2008-03-17 16:22 . 2008-03-17 16:22 728064 c:\windows\Installer\2d1acd.msi
+ 2008-03-17 16:21 . 2008-03-17 16:21 343040 c:\windows\Installer\2d1ac8.msi
+ 2008-03-17 16:21 . 2008-03-17 16:21 287744 c:\windows\Installer\2d1ac1.msi
+ 2008-03-17 16:21 . 2008-03-17 16:21 136704 c:\windows\Installer\2d1aba.msi
+ 2007-09-19 04:10 . 2007-09-19 04:10 712704 c:\windows\Installer\27265b.msp
+ 2008-01-07 14:29 . 2008-01-07 14:29 532992 c:\windows\Installer\21b4d5.msi
+ 2009-01-19 14:05 . 2009-01-19 14:05 562176 c:\windows\Installer\208633.msi
+ 2008-11-12 23:00 . 2008-11-12 23:00 432640 c:\windows\Installer\1dfddb9.msi
+ 2007-05-10 21:05 . 2007-05-10 21:05 315392 c:\windows\Installer\1c22c1.msi
+ 2007-05-10 21:04 . 2007-05-10 21:04 290816 c:\windows\Installer\1c22bc.msi
+ 2007-05-10 21:04 . 2007-05-10 21:04 152576 c:\windows\Installer\1c22b7.msi
+ 2007-05-10 21:04 . 2007-05-10 21:04 281088 c:\windows\Installer\1c22b2.msi
+ 2007-05-10 21:04 . 2007-05-10 21:04 353792 c:\windows\Installer\1c22ac.msi
+ 2007-05-10 21:04 . 2007-05-10 21:04 528384 c:\windows\Installer\1c22a6.msi
+ 2007-05-10 21:03 . 2007-05-10 21:03 121344 c:\windows\Installer\1c229a.msi
+ 2007-05-10 21:03 . 2007-05-10 21:03 274432 c:\windows\Installer\1c2295.msi
+ 2007-05-10 21:03 . 2007-05-10 21:03 121344 c:\windows\Installer\1c228d.msi
+ 2007-05-10 21:02 . 2007-05-10 21:02 123904 c:\windows\Installer\1c2268.msi
+ 2007-05-10 21:02 . 2007-05-10 21:02 123904 c:\windows\Installer\1c2263.msi
+ 2007-05-10 21:02 . 2007-05-10 21:02 123904 c:\windows\Installer\1c225e.msi
+ 2007-11-07 21:07 . 2007-11-07 21:07 999936 c:\windows\Installer\172762.msp
+ 2007-11-07 20:56 . 2007-11-07 20:56 553472 c:\windows\Installer\17275f.msp
+ 2007-11-07 20:58 . 2007-11-07 20:58 908800 c:\windows\Installer\17275b.msp
+ 2007-11-07 20:54 . 2007-11-07 20:54 507392 c:\windows\Installer\17275a.msp
+ 2005-11-05 03:37 . 2005-11-05 03:37 175616 c:\windows\Installer\14247.msi
+ 2007-06-11 22:55 . 2007-06-11 22:55 189440 c:\windows\Installer\13a7daf.msi
+ 2008-12-04 18:51 . 2008-12-04 18:51 348672 c:\windows\Installer\10e3a6d.msi
+ 2007-10-06 14:41 . 2007-10-06 14:41 208896 c:\windows\Installer\1056624.msp
+ 2008-01-23 23:16 . 2008-01-23 23:16 812544 c:\windows\Installer\10565d9.msp
+ 2008-06-11 20:02 . 2008-06-11 20:02 830464 c:\windows\Installer\10565c2.msp
+ 2008-07-28 21:06 . 2008-07-28 21:06 162816 c:\windows\Installer\10565b9.msp
+ 2005-11-05 00:53 . 2004-08-04 12:00 1326080 c:\windows\system32\webfldrs.msi
+ 2008-09-03 13:45 . 2004-08-04 12:00 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2008-09-03 13:44 . 2004-07-17 17:41 5080576 c:\windows\ServicePackFiles\i386\msnmsgs.msi
+ 2007-05-25 18:08 . 2007-05-25 18:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updat es\M928366\M928366Uninstall.msp
+ 2007-06-18 13:49 . 2007-06-18 13:49 1773056 c:\windows\Installer\fb4c4.msi
+ 2009-03-23 16:26 . 2009-03-23 16:26 4733440 c:\windows\Installer\ed0a8d.msp
+ 2007-04-22 01:03 . 2007-04-22 01:03 1988096 c:\windows\Installer\bb85bf.msi
+ 2008-08-04 13:53 . 2008-08-04 13:53 1440256 c:\windows\Installer\b6833.msi
+ 2009-06-23 18:19 . 2009-06-23 18:19 1516544 c:\windows\Installer\a9609b.msi
+ 2009-05-12 19:01 . 2009-05-12 19:01 6818816 c:\windows\Installer\960ee9.msp
+ 2009-05-28 18:32 . 2009-05-28 18:32 5518848 c:\windows\Installer\960ed4.msp
+ 2009-04-23 23:57 . 2009-04-23 23:57 7672832 c:\windows\Installer\960ebf.msp
+ 2005-10-26 20:59 . 2005-10-26 20:59 2883072 c:\windows\Installer\8f514e.msp
+ 2009-02-11 21:02 . 2009-02-11 21:02 5519872 c:\windows\Installer\8f5139.msp
+ 2009-05-13 16:19 . 2009-05-13 16:19 1711616 c:\windows\Installer\836747.msp
+ 2006-04-25 20:35 . 2006-04-25 20:35 9466880 c:\windows\Installer\81be9.msi
+ 2006-07-01 00:32 . 2006-07-01 00:32 5807104 c:\windows\Installer\6452b.msi
+ 2008-07-31 17:01 . 2008-07-31 17:01 1058816 c:\windows\Installer\5f04f.msi
+ 2005-11-05 02:36 . 2005-11-05 02:36 3443712 c:\windows\Installer\303ed.msi
+ 2008-07-08 21:04 . 2008-07-08 21:04 1383424 c:\windows\Installer\3005d9.msi
+ 2005-11-05 02:46 . 2005-11-05 02:46 5864960 c:\windows\Installer\2d88a.msp
+ 2008-03-17 16:23 . 2008-03-17 16:23 3658752 c:\windows\Installer\2d1b0b.msi
+ 2005-11-07 17:00 . 2005-11-07 17:00 1703936 c:\windows\Installer\29c989.msi
+ 2005-11-29 23:08 . 2005-11-29 23:08 1966080 c:\windows\Installer\21faa.msi
+ 2009-01-30 22:54 . 2009-01-30 22:54 7641088 c:\windows\Installer\1d6d826.msi
+ 2009-05-22 21:56 . 2009-05-22 21:56 9813504 c:\windows\Installer\1a1c699.msi
+ 2008-11-07 21:32 . 2008-11-07 21:32 4192256 c:\windows\Installer\191dd7c.msi
+ 2007-04-22 16:38 . 2007-04-22 16:38 1104384 c:\windows\Installer\1798e7.msi
+ 2007-11-07 20:50 . 2007-11-07 20:50 6055936 c:\windows\Installer\172761.msp
+ 2007-11-07 21:00 . 2007-11-07 21:00 3407360 c:\windows\Installer\172760.msp
+ 2007-11-07 20:46 . 2007-11-07 20:46 3010560 c:\windows\Installer\17275e.msp
+ 2007-11-07 21:02 . 2007-11-07 21:02 6473216 c:\windows\Installer\17275d.msp
+ 2007-11-07 21:12 . 2007-11-07 21:12 2533376 c:\windows\Installer\17275c.msp
+ 2005-11-05 04:05 . 2005-11-05 04:05 3818496 c:\windows\Installer\16ede.msi
+ 2009-03-05 21:40 . 2009-03-05 21:40 6819840 c:\windows\Installer\140051f.msp
+ 2009-04-06 23:00 . 2009-04-06 23:00 5518336 c:\windows\Installer\1212800.msp
+ 2009-05-01 21:49 . 2009-05-01 21:49 4328960 c:\windows\Installer\10e13d9.msp
+ 2008-06-11 21:05 . 2008-06-11 21:05 9994240 c:\windows\Installer\10566e8.msp
+ 2008-10-23 04:43 . 2008-10-23 04:43 6820352 c:\windows\Installer\10566cf.msp
+ 2008-10-23 04:48 . 2008-10-23 04:48 7672832 c:\windows\Installer\105669e.msp
+ 2008-04-01 20:33 . 2008-04-01 20:33 5479936 c:\windows\Installer\1056689.msp
+ 2008-01-31 16:30 . 2008-01-31 16:30 9947648 c:\windows\Installer\1056655.msp
+ 2008-01-14 22:53 . 2008-01-14 22:53 5213696 c:\windows\Installer\1056639.msp
+ 2008-10-25 15:15 . 2008-10-25 15:15 6227456 c:\windows\Installer\105660c.msp
+ 2008-07-08 17:27 . 2008-07-08 17:27 8436736 c:\windows\Installer\10565ee.msp
+ 2007-11-14 22:05 . 2007-11-14 22:05 4129280 c:\windows\Installer\10565a4.msp
+ 2006-04-08 19:04 . 2006-04-08 19:04 6170112 c:\windows\Downloaded Installations\{C0FA7138-477B-4FEC-8F23-640C21C2287B}\Microsoft AntiSpyware.msi
+ 2007-06-18 13:49 . 2007-06-18 13:49 8581632 c:\windows\Downloaded Installations\{3E547985-AA94-4B1B-8ADD-21E060E5E31F}\Adobe Photoshop Album 3.2 SE.msi
+ 2006-04-08 19:04 . 2006-04-08 19:04 5808640 c:\windows\Downloaded Installations\{303F45CA-471F-4585-BE59-8BCC13C79540}\LimeWire.msi
+ 2006-08-11 19:44 . 2003-11-03 23:06 2250100 c:\windows\Cache\Adobe Reader 6.0.1\ENUBIG\Adobe Reader 6.0.1.msi
+ 2006-03-26 23:22 . 2005-11-05 04:21 11633664 c:\windows\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150040}\J2SE Runtime Environment 5.0 Update 4.msi
+ 2007-07-08 17:29 . 2007-07-08 17:29 37514240 c:\windows\Installer\e2f80b.msp
+ 2007-07-18 17:52 . 2007-07-18 17:52 15256576 c:\windows\Installer\8147d9.msp
+ 2005-11-05 02:36 . 2005-11-05 02:36 19204096 c:\windows\Installer\417c4.msp
+ 2006-05-02 19:07 . 2006-05-02 19:07 13369856 c:\windows\Installer\1dcc7.msi
+ 2008-07-30 14:50 . 2008-07-30 14:50 12506112 c:\windows\Installer\10566a8.msp
+ 2008-06-04 19:29 . 2008-06-04 19:29 16905728 c:\windows\Installer\105665f.msp
+ 2008-01-14 21:24 . 2008-01-14 21:24 10721280 c:\windows\Installer\1056602.msp
+ 2007-04-22 01:02 . 2007-04-22 01:02 43402752 c:\windows\Downloaded Installations\{9D45D07B-E5A5-403F-82ED-FEF047CDFA01}\CDCARDLBK3.msi
+ 2008-01-24 02:30 . 2008-01-24 02:30 12568576 c:\windows\Downloaded Installations\{885582E4-09F5-4CE2-8234-187CEDE982B8}\Yahoo! Music Jukebox.msi
+ 2007-07-27 15:10 . 2007-07-27 15:10 128491008 c:\windows\Installer\e2f7eb.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-04-03 32768]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SASrun.exe" [2009-05-26 1830128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 18:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk
backup=c:\windows\pss\CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [24/03/2009 12:28 p.m. 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [24/03/2009 12:28 p.m. 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [24/03/2009 12:27 p.m. 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090625.003\IDSXpx86.sys [02/07/2009 11:24 a.m. 276344]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 10:05 a.m. 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 10:05 a.m. 72944]
R2 Belkin 54g Wireless USB Network Adapter Service;Belkin 54g Wireless USB Network Adapter;c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe [27/05/2006 10:20 p.m. 49152]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [04/11/2005 06:53 p.m. 14336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/06/2009 11:41 a.m. 101936]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 10:05 a.m. 7408]
S1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [05/06/2007 11:22 a.m. 24786]
S2 hqvf;hqvf;c:\windows\system32\drivers\ufagzr.sys --> c:\windows\system32\drivers\ufagzr.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 AMXBRR;AMXBRR;c:\docume~1\ADMINI~1\LOCALS~1\Temp\AMXBRR.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\AMXBRR.exe [?]
S3 CH;CH;c:\docume~1\ADMINI~1\LOCALS~1\Temp\CH.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\CH.exe [?]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S3 VYNWS;VYNWS;c:\docume~1\ADMINI~1\LOCALS~1\Temp\VYNWS.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\VYNWS.exe [?]
S3 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 06:19 p.m. 13592]
S4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [24/03/2009 12:28 p.m. 115560]
.
Contents of the 'Scheduled Tasks' folder

2009-07-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2006-03-26 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 00:12]

2006-03-26 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 00:12]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com.gt/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Mynor\Application Data\Mozilla\Firefox\Profiles\exw93s9e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Diccionario RAE
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.gt/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 16:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2736)
c:\docume~1\Mynor\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\acs.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\windows\system32\snmp.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
.
**************************************************************************
.
Completion time: 2009-07-02 16:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-02 22:57
ComboFix2.txt 2009-06-29 17:21
ComboFix3.txt 2009-06-29 16:23

Pre-Run: 21,077,319,680 bytes free
Post-Run: 20,315,373,568 bytes free

Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
398 --- E O F --- 2009-07-02 14:17
  post #19  
02/07/09, 20:09:35
Leosolari
Moderator
 
Registered: Jun 2007
Location: Argentina
Posts: 17.075
Re: how to remove packed.generic.200

Uninstall CF this way:
  • Go to Start > Run
  • Type the following: ComboFix /u as shown in the image below:
  • This will launch the ComboFix uninstaller, opening its main screen, and after a few seconds you will see ("ComboFix is uninstalled")

This will perform the following tasks:

  • The following will be deleted:
    • ComboFix: its files and folders.
    • VundoFix: backups (if present)
    • The C:\Deckard folder (if present)
    • The C:\_OtMoveIt folder (if present)
  • Resets the clock settings.
  • Hides file extensions (if necessary).
  • Hides the files that were hidden
  • Re-enables "System Restore"


Let me know how your PC is doing now. Regards

  post #20  
02/07/09, 20:15:23
User
 
Registered: Jun 2009
Location: Guatemala
Posts: 11
Re: how to remove packed.generic.200

Thanks a lot again, I'll do it and let you know....

Regards